I think that’s what I’m saying, yes. By going through the motions (M3, 13150 M4s, M6), a 51% attacker can spend coins that don’t belong to them (drain the sidechain escrow). This is a new incentive that was not previously present for a 51% attacker on mainchain alone.
Discussion
That's not how a Drivechain softfork would work though. It does not add some new ability to both hack the sidechain and give more power to do a 51% attack than already exists. It uses tools that already exist on bitcoin: merged mining, script contracts, miner fees. Lightning and Liquid are both softforks that are as vulnerable to 51% and in the same ways as DC. DC democratizes Liquid and simplifies lightning (BMM no need for a separate node).
Either these two projects and their vulnerabilities are useful, or they are an existential risk to Bitcoin.
Either Or.
Not
Either Or And Drivechain is bad.
In boolean terms.
> It does not add some new ability to… hack the sidechain
It does though. The first paragraph of the BIP300 abstract:
> In Bip300, txns are not signed via cryptographic key. Instead, they are "signed" by hashpower, over time. Like a big multisig, 13150-of-26300, where each block is a new "signature".
“Transactions are ‘signed’ by hashpower.” This is a direct quote. Enforcing these hashpower-signed transactions is the reason that BIP300 requires a softfork.
The ability to sign with hashpower is a new ability enabled by BIP300. This new ability is exploitable by a 51% attacker to take sidechain escrow.
Within the sidechain. Not main.
Notice the single quotes on either side of that word "signed"? In the GitHub version they are solid double quotes. Meaning, something like or similar to.
Bip300 does not sign a transaction the way you or several people use your keys to sign a transaction.
It's a vote over time ON THE SIDECHAIN, that some txn is valid. It's like saying changing from single round voting to 3 rounds of voting in a small town election, changes the outcome of a national presidential election.
Bip300 adds one new Op code, with sidechain parameters and no mainchain effects for people not participating in it. It does not increase the number of bitcoins, it does not change the turing incompleteness of bitcoin script or break anything on chain.
It's going to happen. If you don't get it at this point, I've spent enough time explaining, and wish you the best.
I misspoke here, the signing by hashpower is for an on chain transaction, for example pegging out from the side chain to main. But this process is a simple poll vote by miners over time. 51% or more of global hash dominance has no bearing on who gets to vote or how much their vote is valued. The FAQ describes it better.
> But this process is a simple poll vote by miners over time. 51% or more of global hash dominance has no bearing on who gets to vote or how much their vote is valued.
It absolutely does! A 51% miner has the privilege of mining 100% of blocks because they can afford to ignore anyone else’s. Therefore, under BIP300, a 51% miner CASTS ALL VOTES.
Apologies for the emphasis caps, but I want there to be no mistake. In #Bitcoin, a 51% miner doesn’t just mine 51% of blocks. They mine ALL of the blocks.
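The disagreement above turns on how a miner's hashrate share maps onto the 13150-of-26300 threshold quoted from the BIP300 abstract. As an added example (not code from the thread or from BIP300), the Python below quantifies that mapping under two labelled assumptions: a block counts as a "signature" only if the miner in question found it, and each block is an independent draw weighted by hashrate. `catch_up_probability` is the gambler's-ruin result from section 11 of the Bitcoin whitepaper; the function names are this example's own.

```python
import math

WINDOW = 26300     # blocks in the voting window (from the BIP300 quote above)
THRESHOLD = 13150  # blocks ("signatures") required (same quote)

def _log_binom_pmf(n, k, p):
    """log of C(n,k) * p^k * (1-p)^(n-k), using lgamma to avoid overflow."""
    return (math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
            + k * math.log(p) + (n - k) * math.log1p(-p))

def approval_probability(share, window=WINDOW, threshold=THRESHOLD):
    """Chance that a miner holding `share` of total hashrate finds at least
    `threshold` of `window` blocks while mining normally.
    Assumption: only that miner's own blocks count toward the threshold."""
    if share <= 0.0:
        return 0.0
    if share >= 1.0:
        return 1.0
    tail = math.fsum(math.exp(_log_binom_pmf(window, k, share))
                     for k in range(threshold, window + 1))
    return min(1.0, tail)

def catch_up_probability(share, deficit):
    """Chance that a chain built with `share` of hashrate ever overtakes a
    competing chain it trails by `deficit` blocks (Bitcoin whitepaper, s.11).
    It is 1 for any share >= 0.5, which is the basis of the claim that a
    majority miner can ignore other miners' blocks and still end up on the
    longest chain."""
    if share >= 0.5:
        return 1.0
    return (share / (1.0 - share)) ** deficit

if __name__ == "__main__":
    print("share  P(meets 13150-of-26300)  P(overtakes from 6 behind)")
    for s in (0.30, 0.45, 0.49, 0.50, 0.51, 0.55):
        print(f"{s:.2f}   {approval_probability(s):<24.6f} "
              f"{catch_up_probability(s, 6):.6f}")
```

The table shows how sharply the threshold separates shares just below and just above one half, which is why hashrate concentration is the quantity to monitor when assessing this risk.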